You are investigating malware on a laptop computer. The malware is exhibiting the following characteristics:
• It is blocking access to some user data.
• It has encrypted some user data.
• A stranger is demanding compensation to give you access to the data.
Which type of malware is on the laptop computer?
What is Crypto-malware?
You are troubleshooting communication between a client and a server. The server has a web application running on port 80. The client is unable to connect to the web application. You validate that the client has network connectivity to the server by successfully pinging the server from the client. You check the server and notice that the web server service is running. Now, you need to validate the port that the web application is listening on. Which of the following tools should you use?
What is Netstat?
In this scenario, you need to look at the listening ports on the server. You should use the Netstat tool to list all the listening ports. Optionally, you could check the web server configuration for the configured port, but this is not one of the answers listed.
Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the engineer consider implementing?
A. ACLs
B. HIPS
C. NAT
D. MAC filtering
What is ACL?
Which of the following protocols can be used to perform configuration management on a remote server using the MOST secure methods? (Select TWO).
A. SMTP
B. DHCP
C. RDP
D. SSH
E. TELNET
F. DNS
What is RDP and SSH?
Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company’s password policy. Which of the following should Pete do NEXT?
Mark one answer:
A. Contact the Chief Information Officer and ask them to change the company password policy so that the application is made compliant.
B. Tell the application development manager to code the application to adhere to the company’s password policy.
C. Ask the application development manager to submit a risk acceptance memo so that the issue can be documented.
D. Inform the Chief Information Officer of non-adherence to the security policy so that the developers can be reprimanded.
C. Ask the application development manager to submit a risk acceptance memo so that the issue can be documented.
An executive assistant reports a suspicious phone call to you. You ask him to describe the call in more detail and he provides the following information:
• The caller claims to be a member of the IT department.
• The caller claims that the executive assistant’s computer has a virus.
• The caller requests access to the executive assistant’s computer to remove the virus.
• The caller asks for immediate access due to the vicious nature of the virus.
The executive assistant thought the call was suspicious because it came from outside of the company and he had never heard of the person before. Which type of attack occurred and which technique did the attacker use to try to gain access to the computer?
What is a Vishing attack with urgency?
A customer is preparing to deploy a new web application that will primarily be used by the public over the internet. The web application will use HTTPS to secure the user connections. You are called to review the configuration of the environment. You discover the following items:
• The customer’s internal PKI issued the certificate for the web application.
• The certificate used for the web application is a wildcard certificate.
Based on your findings, which of the following outcomes is most likely to occur for public users?
The certificate will be reported as untrusted.
The certificate will be reported as untrusted because the internal PKI issued the certificate, but the web application is used by the public over the internet and the public doesn’t trust your internal PKI. While there are scenarios in which an internal PKI is trusted for public use, that isn’t specified in this scenario. The wildcard certificate, while not recommended for this scenario, will not cause any of the issues listed.
Which of the following encryption methods does PKI typically use to securely protect keys?
A. Elliptic curve
B. Digital signatures
C. Asymmetric
D. Obfuscation
What is Digital Signatures?
Which of the following devices can monitor a network and detect potential security attacks?
IDS
Proxy
DNS server
Load balancer
CSU/DSU
What is IDS?
Jane, the CEO, receives an email wanting her to click on a link to change her username and password. Which of the following attacks has she just received?
A. Hoaxes
B. Whaling
C. Bluejacking
D. Vishing
What is Whaling?
One of your customers recently reported that their corporate website was attacked. As part of the attack, the website was defaced and a message supporting a political party was added. Which of the following threat actors is likely responsible?
What is a Hacktivist?
You are configuring a mobile device management solution to be used for your company’s mobile devices. The management team has a single immediate requirement: prevent users from bypassing the Apple or Android app store to install apps. What should you do?
Configure MDM to prevent sideloading.
Sideloading is the act of installing apps outside of the app stores. Many organizations prefer to block sideloading because of the high risk of malware in apps outside of an official app store.
An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies the vulnerability?
A. False negative
B. True negative
C. False positive
D. True positive
What is C. False positive?
What type of malware do users inadvertently install with USB thumb drives?
A. Spam
B. Trojans
C. Buffer overflow
D. Logic bomb
What are Trojans?
In a corporation where compute utilization spikes several times a year, the Chief Information Officer (CIO) has requested a cost-effective architecture to handle the variable capacity demand. Which of the following characteristics BEST describes what the CIO has requested?
What is Elasticity?
Elasticity is defined as “the degree to which a system is able to adapt to workload changes by provisioning and de-provisioning resources in an autonomic manner, such that at each point in time the available resources match the current demand as closely as possible”.
Your company plans to have a third-party company perform penetration testing on their IT environment. The company has established the following guidelines for the testing:
• The third-party company will not be given any information about the IT environment.
• The third-party company will not be given access to the IT environment.
Which type of penetration testing should you request?
What is Black Box?
You are implementing a secure file sharing solution at your organization. The solution will enable users to share files with other users. The management team issues a key requirement — the file sharing must occur over SSH. Which protocol should you implement?
What is SFTP?
SFTP uses SSH for file transfer. FTPS is a file-transfer protocol but it uses FTP rather than SSH. The other two protocols are not designed for file sharing: S/MIME is used for email communication, and SRTP is used to secure communications over a telephony or communications-based network.
An organization finds that most help desk calls are regarding account lockout due to a variety of applications running on different systems. Management is looking for a solution to reduce the number of account lockouts while improving security. Which of the following is the BEST solution for this organization?
A. Create multiple application accounts for each user.
B. Provide secure tokens.
C. Implement SSO.
D. Utilize role-based access control.
C. Implement SSO.
A user is issued a token with a number displayed in an LCD. What does this provide?
A. Rolling password for one-time use
B. Multifactor authentication
C. CAC
D. PIV
What is Rolling password for one-time use?
A is correct. A token (such as an RSA token) provides a rolling password for one-time use.
Which of the following explains why vendors publish MD5 values when they provide software patches for their customers to download over the Internet?
A customer has requested that you test their user password strength. The customer provides you a secure, air-gapped computer and the password hashes. You need to try to crack the passwords using the hashes. Speed is the most important factor because the customer is contemplating an enterprise-wide password reset. Which of the following technologies should you use in your attack?
What is rainbow tables?
Of the available choices, rainbow tables provide the fastest effective attack method for password hashes. Because the tables are pre-computed, they provide excellent performance, especially for password hash attacks.
Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords. Which of the following technical controls would help prevent these policy violations? (Select two.)
A. Password expiration
B. Password length
C. Password complexity
D. Password history
E. Password lockout
What are C. Password complexity and D. Password history?
Clients cannot connect to the network. A technician determines that port 68 is not open. Which of the following protocols is being blocked?
A. POP3
B. DNS
C. LDAP
D. DHCP
What is DHCP?
Sally encrypted a project file with her public key. Later, an administrator accidentally deleted her account that had exclusive access to her private key. Can this project file be retrieved?
A. No. If the private key is lost, the data cannot be retrieved.
B. Yes. The public key can decrypt the file.
C. Yes, if a copy of her public key is stored in escrow.
D. Yes, if the organization uses a recovery agent.
D. Yes, if the organization uses a recovery agent.
D is correct. If an organization uses a recovery agent, the recovery agent can decrypt the file, in some cases by recovering a copy of the private key, and in other cases by using a special recovery agent key.
A penetration tester is crawling a target website that is available to the public. Which of the following represents the actions the penetration tester is performing?
What is Reconnaissance?